| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Mar 29 16:37:13 2006 From: michael.holstein at csuohio.edu (Michael Holstein) Subject: Hello everyone > After just a few hours of scanning (I have to start somewhere} I have > located quite a few routers that have their manufacturers password still > set not to mention loads of Windows machines that have port 139 open AND > have write access to the whole of the C: Drive in some instances. There goes 'ethical' right there. You didn't have permission to scan, and certainly didn't have a right to try to login to routers you found (their failure to secure it is not a defense since you knew it wasn't yours). > My question - since it is these machines that I understand will be the > computers that the hacker will use to hide him/her self and given that > there are tools around - just that I don't know of one yet - WHY doesn't > someone send a message to these machines that the owner will see and ASK > them politely to close up these holes? Perhaps something along the "net > send" command. I'll bet their/your ISP would absolutly *love* that. > If given the knowledge I'd be happy to devote a day or so doing just > this. Currently I don't yet have enough skills. It's real easy. Just look into the use of 'smbclient' with the -M option. This is better than doing it in windows because you can fake th e "from" address in the message. ~Mike.
Powered by blists - more mailing lists